Hosting Provided By

Re: SV: Honeypot detection and countermeasures

From: <dave(at)immunitysec.com>
Date: Tue Jun 24 2003 - 10:44:33 EDT

Well, that's a great way to think about it - as a test of your countermeasures. In fact, there are MANY ways to both remotely and locally detect various breeds of honeypots. VMWare, for example, uses a particular range of MAC addresses, among other things. I always find it funny when people use VMWare as a security measure.

But (imho) it's a truly RARE penetration test team that will notice some of these subtle things, and basically no pentration test teams can remotely discover a honeypot - the technology for doing so just isn't public enough yet. (Well, I just gave away that MAC address trick, but it's limited to the local net, and there are lots of other, better tricks).

Dave Aitel
Immunity, Inc.
http://www.immunitysec.com/

>
> But...the last thing, since that was commented (but was removed from the

Latest attack techniques.

You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group.

Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980

Received on Tue Jun 24 12:00:44 2003

This message: [ Message body ]
Next message: Alfred Huger: "Good example as to why it's wise to hire pen-testers"
Previous message: Rob Shein: "RE: Honeypot detection and countermeasures"
In reply to: Trygve Aasheim: "SV: Honeypot detection and countermeasures"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:38 EDT

Do you need help?